|
224941
|
7.5 |
HIGH
Network
|
mz-automation
|
libiec61850
|
libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.
|
CWE-416
Use After Free
|
CVE-2019-16510
|
2024-11-21 13:30 |
2019-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224942
|
7.5 |
HIGH
Network
|
tendacn
|
n301_firmware
|
In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.)
|
CWE-20
Improper Input Validation
|
CVE-2019-16412
|
2024-11-21 13:30 |
2019-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224943
|
6.8 |
MEDIUM
Physics
|
keeper
|
k5_firmware
|
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-16398
|
2024-11-21 13:30 |
2019-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224944
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-16413
|
2024-11-21 13:30 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224945
|
9.8 |
CRITICAL
Network
|
westerndigital
|
wd_my_book_firmware
|
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-16399
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224946
|
8.8 |
HIGH
Network
|
webkul
|
bagisto
|
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-16403
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224947
|
5.4 |
MEDIUM
Network
|
zulip
|
zulip_server
|
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting atta…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16216
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224948
|
6.5 |
MEDIUM
Network
|
zulip
|
zulip_server
|
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2019-16215
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224949
|
7.8 |
HIGH
Local
|
gnucobol_project
|
gnucobol
|
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.
|
CWE-416
Use After Free
|
CVE-2019-16396
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224950
|
7.8 |
HIGH
Local
|
gnucobol_project
|
gnucobol
|
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-16395
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
